trinity-devel@lists.pearsoncomputing.net

Message: previous - next
Month: February 2011
Re: [trinity-devel] bugs.pearsoncomputing.net - DNS entry causing confirmation email to be rejected by postfix 'reject_unknown_client'

From: "David C. Rankin" <drankinatty@...>
Date: Mon, 28 Feb 2011 17:53:31 -0600
On 02/28/2011 05:22 PM, Timothy Pearson wrote:
>> Tim,
>>
>>   I went to register for the bugzilla and found that the confirmation
>> request
>> from 74.84.118.181 was rejected by postfix because 74.84.118.181 does not
>> provide a proper reverse lookup causing:
>>
<snip>
>>   It is 'reject_unknown_client' causing the rejection. From:
>> http://www.postfix.org/postconf.5.html the rejection is caused when:
>>
<snip>
> Hi David,
> 
> How exactly did you get this error?  My reverse DNS checks out OK and I
> don't see any problems with a test registration on the Bugzilla.
> 
> Thanks!
> 
> Tim

Tim, my postfix setup is:

[17:35 nirvana:/home/david/Documents/law/clients-rlf] # postconf -n
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = nirvana.3111skyline.com
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_interfaces = 66.76.63.120
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = rlfpllc.com, rbpllc.com, rankinfirm.com, rankinlawfirm.com,
drrankin.com
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org

<** I had to remove reject_unknown_client from the line above **>

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
unknown_local_recipient_reject_code = 550

  Before removing 'reject_unknown_client' from smtpd_client_restrictions, the
confirmation email was rejected with (note I've removed the @ signs below and
replaced them with ' at '):

Feb 28 16:22:22 nirvana postfix/smtpd[6858]: NOQUEUE: reject: RCPT from
unknown[74.84.118.181]: 450 4.7.1 Client host rejected: cannot find your
hostname, [74.84.118.181]; from=<bugs@...> to=<trin at
3111skyline.com> proto=ESMTP helo=<vali.starlink.edu>
Feb 28 16:22:22 nirvana postfix/smtpd[6858]: disconnect from unknown[74.84.118.181]

  After removing 'reject_unknown_client' the confirmation came through no problem:

Feb 28 16:32:05 nirvana postfix/smtpd[6966]: warning: 74.84.118.181: address not
listed for hostname pearsoncomputing.net
Feb 28 16:32:05 nirvana postfix/smtpd[6966]: connect from unknown[74.84.118.181]
Feb 28 16:32:05 nirvana postfix/smtpd[6966]: 8E24D5FBCD:
client=unknown[74.84.118.181]
Feb 28 16:32:05 nirvana postfix/cleanup[6968]: 8E24D5FBCD:
message-id=<201102282222.p1SMMIkD004700@...>
Feb 28 16:32:05 nirvana postfix/smtpd[6966]: disconnect from unknown[74.84.118.181]
Feb 28 16:32:05 nirvana postfix/qmgr[6945]: 8E24D5FBCD:
from=<bugs@...>, size=2878, nrcpt=1 (queue active)
Feb 28 16:32:05 nirvana postfix/local[6971]: 8E24D5FBCD: to=<me at
3111skyline.com>, orig_to=<trin at 3111skyline.com>, relay=local, delay=0.4,
delays=0.31/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command:
/usr/bin/procmail -a "$EXTENSION")
Feb 28 16:32:05 nirvana postfix/qmgr[6945]: 8E24D5FBCD: removed

  I wish I could tell you the reason why postfix was rejecting the messages with
'reject_unknown_client' set as a smtpd_client_restrictions entry, but alas, my
postfix knowledge doesn't extend that far... But, I can confirm the behavior and
let you know what caused the rejection.

  I can see the lookup for pearsoncomputing.net just fine as well:

[17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 74.84.118.181
Server:         192.168.6.17
Address:        192.168.6.17#53

Non-authoritative answer:
181.118.84.74.in-addr.arpa      name = pearsoncomputing.net.

Authoritative answers can be found from:
118.84.74.in-addr.arpa  nameserver = ns2.mcomdc.com.
118.84.74.in-addr.arpa  nameserver = ns1.mcomdc.com.

  However, I think postfix doesn't like the fact that there is no
"hostname.pearsoncomputing.net', provided, just a domainname. Fox example, when
I do a lookup on my office server, I get:

[17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 66.76.63.60
Server:         192.168.6.17
Address:        192.168.6.17#53

Non-authoritative answer:
60.63.76.66.in-addr.arpa        name = mail.rbpllc.com.

Authoritative answers can be found from:
63.76.66.in-addr.arpa   nameserver = ns2.suddenlink.net.
63.76.66.in-addr.arpa   nameserver = ns1.suddenlink.net.
ns2.suddenlink.net      internet address = 66.76.2.133

  Notice the "name =" difference. I have a hostname, you just have your domain.
Like I said, I'm no postfix expert, but I think that (or something along those
lines) is what is happening.



-- 
David C. Rankin, J.D.,P.E.
trinity-devel@lists.pearsoncomputing.net

Re: [trinity-devel] bugs.pearsoncomputing.net - DNS entry causing confirmation email to be rejected by postfix 'reject_unknown_client'

powered by ezmlm-www (v1.4.5)
